debian/0000775000000000000000000000000012327670205007174 5ustar debian/patches/0000775000000000000000000000000012327667606010636 5ustar debian/patches/upstream_If-we-fail-creating-a-directory-log-it-into-syslog.patch0000664000000000000000000000153312327666376025154 0ustar From 1c4a257caac7cd33c61cf8834e9ef62c7cee9246 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=80lex=20Fiestas?= Date: Mon, 28 Apr 2014 18:00:11 +0200 Subject: [PATCH 1/5] If we fail creating a directory, log it into syslog --- pam_kwallet.c | 1 + 1 file changed, 1 insertion(+) diff --git a/pam_kwallet.c b/pam_kwallet.c index 392f029..18eb981 100644 --- a/pam_kwallet.c +++ b/pam_kwallet.c @@ -482,6 +482,7 @@ int mkpath(char *path, struct passwd *userInfo) if (stat(path, &sb)) { if (errno != ENOENT || (mkdir(path, 0777) && errno != EEXIST)) { + syslog(LOG_ERR, "Couldn't create directory: %s because: %d-%s", path, errno, strerror(errno)); return (-1); } else { if (chown(path, userInfo->pw_uid, userInfo->pw_gid) == -1) { -- 1.9.1 debian/patches/upstream_If-we-can-t-open-the-file-where-salt-will-be-saved-f.patch0000664000000000000000000000161612327666376025134 0ustar From 2820bb2f7f8d1418c50b66714b816af2bd2fe4f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=80lex=20Fiestas?= Date: Mon, 28 Apr 2014 18:01:09 +0200 Subject: [PATCH 2/5] If we can't open the file where salt will be saved, fail. Fixes crash. --- pam_kwallet.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pam_kwallet.c b/pam_kwallet.c index 18eb981..5224289 100644 --- a/pam_kwallet.c +++ b/pam_kwallet.c 
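Review bot: In mkpath, the added `syslog` line reports "Couldn't create directory" for both halves of the condition, so a stat() failure other than ENOENT, where mkdir() was never attempted, is logged as a creation failure. A separate message for that case would keep the log accurate. The context lines also create the directory with `mkdir(path, 0777)` and then `chown()` it by path. If this code runs with elevated privileges below a user-controlled directory (not visible in this hunk), a mode of `0700` and a check that the path is not a symlink before changing ownership would limit what a tampered home directory can cause. mkpath starts and ends outside the hunk.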
@@ -510,6 +510,13 @@ static char* createNewSalt(const char *path, struct passwd *userInfo) char *salt = gcry_random_bytes(KWALLET_PAM_SALTSIZE, GCRY_STRONG_RANDOM); FILE *fd = fopen(path, "w"); + + //If the file can't be created + if (fd == NULL) { + syslog(LOG_ERR, "Couldn't open file: %s because: %d-%s", path, errno, strerror(errno)); + return NULL; + } + fwrite(salt, KWALLET_PAM_SALTSIZE, 1, fd); fclose(fd); -- 1.9.1 debian/patches/upstream_If-kwallet_hash-fails-return-with-PAM_IGNORE.patch0000664000000000000000000000162612327666376023651 0ustar From 11c59016bd99242aaa24770cdac0db623c7dce23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=80lex=20Fiestas?= Date: Mon, 28 Apr 2014 18:01:43 +0200 Subject: [PATCH 3/5] If kwallet_hash fails, return with PAM_IGNORE --- pam_kwallet.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pam_kwallet.c b/pam_kwallet.c index 5224289..e621795 100644 --- a/pam_kwallet.c +++ b/pam_kwallet.c @@ -245,7 +245,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons } char *key = malloc(sizeof(char) * KWALLET_PAM_KEYSIZE); - kwallet_hash(password, userInfo, key); + if (kwallet_hash(password, userInfo, key) != 0) { + pam_syslog(pamh, LOG_ERR, "pam_kwallet: Fail into creating the hash"); + return PAM_IGNORE; + } result = pam_set_data(pamh, "kwallet_key", key, NULL); if (result != PAM_SUCCESS) { -- 1.9.1 debian/patches/series0000664000000000000000000000061512327667606012055 0ustar upstream_Allocate-one-more-byte-for-slash.patch upstream_Removed-not-needed-strdup.patch upstream_If-we-fail-creating-a-directory-log-it-into-syslog.patch upstream_If-we-can-t-open-the-file-where-salt-will-be-saved-f.patch upstream_If-kwallet_hash-fails-return-with-PAM_IGNORE.patch upstream_Add-more-checks-against-null-fd.patch upstream_Replace-fprintf-with-syslog-and-add-some-extra-ones.patch debian/patches/upstream_Add-more-checks-against-null-fd.patch0000664000000000000000000000223712327666377021460 0ustar 
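Review bot: The new early `return NULL` in createNewSalt leaks the buffer returned by `gcry_random_bytes`, which is allocated just before the `fopen`; add `gcry_free(salt);` before returning. The `fwrite` that follows is still unchecked, so a short write would leave a truncated salt file on disk while the full in-memory salt is used for this login. Comparing its result with 1 and failing the same way would keep the stored salt and the derived key in step. Opening the file before generating the salt would remove the need for cleanup on this path.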
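Review bot: The added failure branch in pam_sm_authenticate returns `PAM_IGNORE` without releasing `key`, and the `malloc` result above it is passed to kwallet_hash unchecked. The buffer may already hold partial key material, so it should be cleared and freed before the return, and a NULL from `malloc` handled before the call, e.g. `if (key == NULL) return PAM_IGNORE;`. The context also registers the key with `pam_set_data(pamh, "kwallet_key", key, NULL)`, i.e. with no cleanup callback, so nothing visible here wipes or frees it when the PAM handle ends. A cleanup function that zeroes and frees the buffer would address that. The function continues outside the hunk.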
From 0eade32e28273e3d4f6eaae5185256f73ca95c74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=80lex=20Fiestas?= Date: Mon, 28 Apr 2014 18:02:14 +0200 Subject: [PATCH 4/5] Add more checks against null fd. --- pam_kwallet.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pam_kwallet.c b/pam_kwallet.c index e621795..4fd9c9a 100644 --- a/pam_kwallet.c +++ b/pam_kwallet.c @@ -547,11 +547,19 @@ int kwallet_hash(const char *passphrase, struct passwd *userInfo, char *key) salt = createNewSalt(path, userInfo); } else { FILE *fd = fopen(path, "r"); + if (fd == NULL) { + syslog(LOG_ERR, "Couldn't open file: %s because: %d-%s", path, errno, strerror(errno)); + return 1; + } salt = (char*) malloc(sizeof(char) * KWALLET_PAM_SALTSIZE); memset(salt, '\0', KWALLET_PAM_SALTSIZE); fread(salt, KWALLET_PAM_SALTSIZE, 1, fd); fclose(fd); } + if (salt == NULL) { + syslog(LOG_ERR, "kwalletd: Couldn't create or read the salt file"); + return 1; + } gcry_error_t error; error = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0); -- 1.9.1 debian/patches/upstream_Replace-fprintf-with-syslog-and-add-some-extra-ones.patch0000664000000000000000000000353012327666377025426 0ustar From af786456bfa3402fc0a6f191f41686b2ab0b9005 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=80lex=20Fiestas?= Date: Mon, 28 Apr 2014 18:02:28 +0200 Subject: [PATCH 5/5] Replace fprintf with syslog, and add some extra ones. --- pam_kwallet.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pam_kwallet.c b/pam_kwallet.c index 4fd9c9a..ed0a89f 100644 --- a/pam_kwallet.c +++ b/pam_kwallet.c @@ -524,7 +524,7 @@ static char* createNewSalt(const char *path, struct passwd *userInfo) fclose(fd); if (chown(path, userInfo->pw_uid, userInfo->pw_gid) == -1) { - syslog(LOG_INFO, "Couldn't change ownership of the socket"); + syslog(LOG_ERR, "Couldn't change ownership of the created salt file"); } return salt; 
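Review bot: The added `salt == NULL` check in kwallet_hash comes too late for the read branch: `memset(salt, ...)` and `fread` have already dereferenced the `malloc` result by then, so the check only protects the createNewSalt path. The return value of `fread` is also ignored, so an empty or truncated salt file silently yields the zero-filled buffer as the salt; the read should fail closed instead. The early `return 1` paths presumably also leave `path` allocated, though its allocation is outside this hunk. A possible shape for the read branch is below.

```c
        FILE *fd = fopen(path, "r");
        /* … unchanged: NULL check on fd with syslog and return 1 … */
        salt = malloc(KWALLET_PAM_SALTSIZE);
        if (salt == NULL || fread(salt, KWALLET_PAM_SALTSIZE, 1, fd) != 1) {
            syslog(LOG_ERR, "kwalletd: Couldn't read the salt file");
            free(salt);
            fclose(fd);
            return 1;
        }
        fclose(fd);
```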
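Review bot: The `chown` failure in createNewSalt is now logged at LOG_ERR, but the function still returns the salt as if the file were usable, so a later login may fail to read it back (the ownership left behind is not visible here). Changing ownership by path after `fclose` also re-resolves the name. Calling `fchown(fileno(fd), userInfo->pw_uid, userInfo->pw_gid)` before `fclose(fd)` applies the change to the file that was actually written. The function starts outside the hunk.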
@@ -532,10 +532,9 @@ static char* createNewSalt(const char *path, struct passwd *userInfo) int kwallet_hash(const char *passphrase, struct passwd *userInfo, char *key) { if (!gcry_check_version("1.5.0")) { - fprintf(stderr, "libcrypt version is too old \n"); + syslog(LOG_ERR, "kwalletd: libcrypt version is too old"); return 1; } - fprintf(stderr, "libcrypt initialized\n"); char *fixpath = "share/apps/kwallet/kdewallet.salt"; char *path = (char*) malloc(strlen(userInfo->pw_dir) + strlen(kdehome) + strlen(fixpath) + 3);//3 == / and \0 @@ -564,9 +563,10 @@ int kwallet_hash(const char *passphrase, struct passwd *userInfo, char *key) gcry_error_t error; error = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0); if (error != 0) { - fprintf(stderr, "Can't get secure memory: %d\n", error); + syslog(LOG_ERR, "kwalletd: Can't get secure memory: %d", error); return 1; } + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); error = gcry_kdf_derive(passphrase, strlen(passphrase), -- 1.9.1 debian/patches/upstream_Allocate-one-more-byte-for-slash.patch0000664000000000000000000000151612323176127021667 0ustar From 45e12722f4c9a752d132527edcfe98ca4f166604 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=80lex=20Fiestas?= Date: Tue, 15 Apr 2014 11:09:43 +0200 Subject: [PATCH] Allocate one more byte for slash --- pam_kwallet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam_kwallet.c b/pam_kwallet.c index 2040053..17195dd 100644 --- a/pam_kwallet.c +++ b/pam_kwallet.c 
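Review bot: The new messages in kwallet_hash are prefixed `kwalletd:` and say "libcrypt", while the failure logged from pam_sm_authenticate in patch 3/5 uses `pam_kwallet:` and the library being version-checked is libgcrypt. One prefix and the correct library name, e.g. `"pam_kwallet: libgcrypt version is too old"`, would make syslog filtering and alerting consistent. In the context lines the `malloc` result for `path` is used without a NULL check. The hand-counted `+ 3` also has the same shape as the length miscount fixed in the "Allocate one more byte for slash" patch, so it is worth re-verifying against the formatting call, which is outside this hunk.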
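Review bot: The secure-memory failure in kwallet_hash is logged with `%d` on a `gcry_error_t`, which gives an opaque number; a readable form is `syslog(LOG_ERR, "kwalletd: Can't get secure memory: %s", gcry_strerror(error));`. This `return 1` comes after the salt has been obtained (per the earlier patch in this series), so the salt buffer is presumably not released on this path. The added `gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0)` ignores its result and runs on every call. Guarding the initialisation block with `gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)` would avoid repeating it if kwallet_hash is entered more than once in a process.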
@@ -338,7 +338,7 @@ static void start_kwallet(pam_handle_t *pamh, struct passwd *userInfo, const cha return; } - int len = strlen(socketPath) + strlen(userInfo->pw_name) + 8;// 8 = .socket+null + int len = strlen(socketPath) + strlen(userInfo->pw_name) + 9;// 9 = slash+.socket+null char *fullSocket = (char*) malloc(len); sprintf(fullSocket, "%s/%s%s", socketPath, userInfo->pw_name, ".socket"); -- 1.9.1 debian/patches/upstream_Removed-not-needed-strdup.patch0000664000000000000000000000202212327667554020535 0ustar From 675c33646d21217b9328c93fa5184e14a8fe4316 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=80lex=20Fiestas?= Date: Mon, 28 Apr 2014 17:17:12 +0200 Subject: [PATCH] Removed not needed strdup We used to use putenv which requires a copy of the string, now we use setenv that does not. --- pam_kwallet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam_kwallet.c b/pam_kwallet.c index 7c727fb..392f029 100644 --- a/pam_kwallet.c +++ b/pam_kwallet.c 
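Review bot: The length in start_kwallet is still hand-counted and then written with an unbounded `sprintf`, which is how the missing byte for the slash went unnoticed. Passing the size turns any future miscount into a truncation rather than a heap overflow: `snprintf(fullSocket, len, "%s/%s.socket", socketPath, userInfo->pw_name);`. The `malloc` result is also used without a NULL check, and `len` is an `int` holding a sum of `strlen` results, where `size_t` would be the matching type. The function continues outside the hunk.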
@@ -342,7 +342,7 @@ static void start_kwallet(pam_handle_t *pamh, struct passwd *userInfo, const cha char *fullSocket = (char*) malloc(len); sprintf(fullSocket, "%s/%s%s", socketPath, userInfo->pw_name, ".socket"); - int result = set_env(pamh, "PAM_KWALLET_LOGIN", strdup(fullSocket)); + int result = set_env(pamh, "PAM_KWALLET_LOGIN", fullSocket); if (result != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "pam_kwallet: Impossible to set PAM_KWALLET_LOGIN env, %s", pam_strerror(pamh, result)); return; -- 1.9.1 debian/rules0000775000000000000000000000003712321454211010243 0ustar #!/usr/bin/make -f %: dh $@ debian/source/0000775000000000000000000000000012321454211010463 5ustar debian/source/format0000664000000000000000000000001412321454211011671 0ustar 3.0 (quilt) debian/changelog0000664000000000000000000000412012327670205011043 0ustar pam-kwallet (0.0~git20140410-0ubuntu2.1) trusty; urgency=medium * Import upstream patch set to improve reliability and debugability: + upstream_Removed-not-needed-strdup.patch Remove an unnecessary strdup. UBUNTU-ERROR: 30e961156f64c241b58a65ecbb009688e3aeb2ec LP: #1314118 + upstream_If-we-fail-creating-a-directory-log-it-into-syslog.patch Adds logging on directory creation failure + upstream_If-we-can-t-open-the-file-where-salt-will-be-saved-f.patch If the salt file cannot be opened, fail properly instead of running into nullptr fd crashes UBUNTU-ERROR: ae1ef304fcd7d26e215563c4c95fcb25a74a6559 LP: #1314119 + upstream_If-kwallet_hash-fails-return-with-PAM_IGNORE.patch When hash creation fails, fail properly instead of allowing for crashes later on. 
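Review bot: With the `strdup` gone, `fullSocket` itself is never freed in the lines shown: both the error `return` and the fall-through keep the `malloc`ed buffer. If set_env copies the value, as the commit message says of setenv, add `free(fullSocket);` immediately after the `set_env` call so both paths release it. set_env is defined outside this hunk, so its copying behaviour should be confirmed there before freeing.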
+ upstream_Add-more-checks-against-null-fd.patch Adding nullptr checks after selected fopen() and mallocs UBUNTU-ERROR: 28ad0356a00142a5ec12fb842f15e18f3fae1a63 LP: #1314120 + upstream_Replace-fprintf-with-syslog-and-add-some-extra-ones.patch Prefering syslog over fprintf and adding more logging on failure -- Harald Sitter Tue, 29 Apr 2014 11:12:58 +0200 pam-kwallet (0.0~git20140410-0ubuntu2) trusty; urgency=medium * Add upstream_Allocate-one-more-byte-for-slash.patch from upstream to prevent PAM crashes on login due to too tiny allocs. -- Harald Sitter Tue, 15 Apr 2014 11:31:14 +0200 pam-kwallet (0.0~git20140410-0ubuntu1) trusty; urgency=medium * New git snapshot refining everything to production quality LP: #1305307 * Add dependency on socat -- Harald Sitter Thu, 10 Apr 2014 10:38:36 +0200 pam-kwallet (0.0~git20140407-0ubuntu1) trusty; urgency=medium * New git snapshot actually installing something... -- Harald Sitter Mon, 07 Apr 2014 16:59:49 +0200 pam-kwallet (0.0~git20140218-0ubuntu1) trusty; urgency=low * Initial release -- Rohan Garg Tue, 18 Feb 2014 13:12:41 +0100 debian/copyright0000664000000000000000000000663112321454211011124 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: pam-kwallet Source: Files: * Copyright: 2014 by Alejandro Fiestas Olivares License: LGPL-2.1+ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. . This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . 
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the complete text of the GNU Lesser General Public License version 2 can be found in "/usr/share/common-licenses/LGPL-2". Files: cmake/modules/FindLibGcrypt.cmake cmake/modules/FindPAM.cmake Copyright: 2006 Brad Hards 2014 Alejandro Fiestas Olivares License: BSD Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
Files: debian/* Copyright: 2014 Rohan Garg License: GPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". debian/control0000664000000000000000000000073012321454211010566 0ustar Source: pam-kwallet Section: kde Priority: optional Maintainer: Kubuntu Developers XSBC-Original-Maintainer: Rohan Garg Build-Depends: debhelper (>= 9), cmake, libpam0g-dev, libgcrypt11-dev Standards-Version: 3.9.5 Package: pam-kwallet Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, socat Description: KWallet integration with PAM Integrated KWallet with PAM so you can log in to open a KWallet. debian/compat0000664000000000000000000000000212321454211010361 0ustar 9